System Center Data Protection Manager 2012 agent installation fails with error 319

Article ID: 2621989 - View products that this article applies to.
Expand all | Collapse all

Symptoms

Pushing the System Center Data Protection Manager 2012 (DPM) agent to a target computer fails with the following error:

Install protection agent on name.domain.com failed:
Error 319: The agent operation failed because of a communication error with the DPM Agent Coordinator service on name.domain.com.
Error details: The RPC server is unavailable (0x800706BA)
Recommended action: 1) Verify that name.domain.com is remotely accessible from the DPM server.
2) If a firewall is enabled on name.domain.com, make sure that it is not blocking requests from the DPM server. Refer to the DPM Deployment Guide for more information on configuring the firewall for DPM.

The DPM-Alerts event log displays the following event.

Log Name:        DPM Alerts
Source:            DPM-EM
Date:               <date>
Event ID:          370
Task Category: None
Level:              Warning
Keywords:      Classic
User:              N/A
Computer:      name.domain.com
Description:

Agent operation failed. (ID: 370)
The agent operation failed because of a communication error with the DPM Agent Coordinator service on name.domain.com. (ID: 319)

Cause

The Windows firewall on the target computer blocked dpmac.exe from accepting incoming network connections.

Resolution

There are two recommended ways to resolve this issue.

1. Temporarily disable the Windows Firewall on the target computer when deploying the agent.  Once the installation completes the Windows Firewall can be re-enabled.

or

2. If you cannot disable the firewall, or if you have many servers and you do not want to edit each one individually, you can add firewall rules that will allow the incoming network connections required for the DPM agent installation process. The main benefit of this method is that you can automate the process using the commands below, allowing you to script the solution and deploy it via GPO or other methods.

These commands must be run from an elevated command prompt (Run As Administrator) and should be run on all target computers that have the firewall enabled. 

NOTE DPM version information will need to reflect your current DPM installation version. A sample path is given below. Replace <DPMVersion> with the correct DPM major version x.x.xxxx.x number.

DPM 2010 ------- version 3.0.7696.0
DPM 2012 ------- version 4.0.1908.0
DPM 2012 SP1 -- version 4.1.3313.0
DPM 2012 R2 --- version 4.2.1205.0

The initial command below should allow the agent to be installed:

Netsh advfirewall firewall add rule name = "dpmac" dir=in program="C:\Program Files\Microsoft Data Protection Manager\DPM\ProtectionAgents\AC\<DPMVersion>\dpmac.exe" action=allow

If the command above does not allow the agent install to succeed, add following additional rules:

Netsh advfirewall firewall add rule name="Microsoft System Center 2012 R2 Data Protection Manager Replication Agent" dir=in program="C:\Program files\Microsoft Data Protection Manager\DPM\bin\dpmra.exe" profile=Any action=allow

Netsh advfirewall firewall add rule name="Microsoft System Center 2012 R2 Data Protection Manager DCOM setting" dir=in action=allow protocol=TCP localport=135 profile=Any

Netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=yes

Netsh advfirewall firewall add rule name="DPMAM_WCF_SERVICE" dir=in program="C:\Microsoft Data Protection Manager\DPM\bin\AMSvcHost.exe" profile=Any action=allow

Netsh advfirewall firewall add rule name="DPMAM_WCF_PORT" dir=in action=allow protocol=TCP localport=6075 profile=Any

More Information

Listed below are the ports required for DPM Agent install.  Again note the version may change

Protocol   Local Port      Program Path
TCP           5719          %ProgramFiles%\Microsoft Data Protection Manager\DPMAC\bin\dpmac.exe
TCP           RPC Dynamic   %ProgramFiles%\Microsoft Data Protection Manager\DPMAC\bin\dpmac.exe
TCP           5719          %ProgramFiles%\Microsoft Data Protection Manager\DPM\ProtectionAgents\AC\3.0.7696.0\dpmac.exe
TCP           RPC Dynamic   %ProgramFiles%\Microsoft Data Protection Manager\DPM\ProtectionAgents\AC\3.0.7696.0\dpmac.exe
TCP           5718          %ProgramFiles%\Microsoft Data Protection Manager\DPM\bin\DPMRA.exe
TCP           RPC Dynamic   %ProgramFiles%\Microsoft Data Protection Manager\DPM\bin\DPMRA.exe

For a list of all required ports used for DPM see Configuring Firewalls - http://technet.microsoft.com/en-us/library/hh757794.aspx

Additional information:

Reference - http://blogs.technet.com/b/dpm/archive/2011/10/03/system-center-data-protection-manager-2012-agent-installation-fails-with-error-319.aspx

Enabling Windows Firewall logging (default location: %windir%\System32\LogFiles\Firewall) may list no blocked packets but you will notice the following event:

The Microsoft Windows Firewall event logs contains the following event.
Log Name:      Microsoft-Windows-Windows Firewall With Advanced Security/Firewall
Source:        Microsoft-Windows-Windows Firewall With Advanced Security
Date:          <date>
Event ID:      2011
Task Category: None
Level:         Information
Keywords:
User:          LOCAL SERVICE
Computer:      name.domain.com
Description:
Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Reason:  Inbound notifications are not enabled
Application Path: C:\windows\microsoft data protection manager\dpm\protectionagents\ac\4.0.1617.0\dpmac.exe
IP Version: IPv6
Protocol: TCP
Port:  5719
Process Id: 3740
User:  SYSTEM

Note In some instances the initial attempt to push the agent to the protected server will fail with the error below and subsequent installations fail with the 319 error:

Install protection agent on name.domain.com failed:
Error 347: An error occurred when the agent operation attempted to create the DPM Agent Coordinator service on name.domain.com.
Error details: Security must be initialized before any interfaces are marshalled or unmarshalled. It cannot be changed one initialized.
Recommended action: Verify that the Agent Coordinator service on name.domain.com is responding, if it is present. Review the error details, take the appropriate action, and then retry the agent operation.

Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 2621989 - Last Review: July 1, 2014 - Revision: 9.0
Applies to
  • Microsoft System Center Data Protection Manager 2010
Keywords: 
KB2621989

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com